i-am-doh is a utility that filters approximately 75% of all false positives generated by an IDS. It uses existing reliable tools like Nmap, Nessus, and Amap to validate IDS alerts based on the following criteria and techniques: OS identification, service identification, port scanning, vulnerability scanning, online CVE and bug interpretation, and server importance weighting.
8240812efc3fddb3c130b13349ca734da19a96a92366c88e4e6aa21be0bd7fd3